Dimitri Shelest, OneRep: “privacy is safety - yours and that of your family”
When filling out online surveys or forms to apply for loans or buy a house, you do not think that your information can be used in malicious ways. But this data might end up on people-search sites, which will then profit from selling it.
People-search sites or data brokers are unregulated entities that usually store tens or hundreds of files on you, gathering them from a variety of sources, such as online surveys, forms, social media, public records, criminal records, and even court files. All this information is then sold to private or public corporations, as well as individuals.
Dimitri Shelest, Founder and CEO of OneRep, which helps remove your data from a variety of sites, talked to us about the dangers of data brokers, and how OneRep supports Internet users in owning their information.
Can you tell us more about how OneRep came to be? What was your journey like throughout the years?
I’m a former SEO consultant. Through my previous work, I learned about data brokers who use peoples’ personal information to attract traffic and resell data to other companies. You would be surprised by the amount of information those websites collect and expose about people. Many of them have intentionally difficult and time-consuming opt-out processes, they are constantly growing in numbers, and the personal information you have removed often resurfaces a few months later. Back in 2015, there were only two ways to fix privacy damage caused by these sites: spend weeks and months going through a labyrinth of opt-outs, or pay thousands of dollars to privacy and cybersecurity consultants who would take this burden off your shoulders.
This was when I decided to create my own company that would make privacy affordable for everyone. Right from the start, we designed OneRep to fully automate the daunting work of finding and removing profiles on numerous data brokers and people-search sites. Once we launched an MVP, our first customers signed up just hours after that. That’s how we knew our approach was really what people needed. Over 350,000 people have already used our service. And this year, we launched a new product to help businesses and the public sector protect their employees' privacy.
Automatic profile removal is one of OneRep’s key features. What does the process look like?
Yes, we were the first to automate the removal from people-search sites. The only thing our users have to do is enter the details needed to identify their unauthorized profiles on these sites, and our system will do the rest. OneRep scans over 100 sites, finds all the profiles that expose your information, and launches their automatic removal.
People-search sites often require verification via email or phone, which is neither safe nor secure. Instead, our system sends automatic opt-out requests via an email address or phone number specifically created for this purpose. Next, OneRep checks whether your profile has been deleted, and when it has, the user gets notified about the removal. This works without fail with every people-search site.
But our work doesn’t stop there—people-search sites update their databases 3 to 4 times a year and your information, as well as that of your family, may reappear in their databases. OneRep continuously monitors all such databases, and if your data pops up again, our system will automatically delete it. Worth noting that the 100+ sites update their information on different schedules. Can you imagine manually monitoring all these sites and guessing as to when their updates are coming?
We also keep a close eye on newly created data brokers to make sure they’re added to our removal list as soon as they appear.
Has the Covid-19 pandemic presented any new threats in the privacy protection landscape?
The pandemic accelerated personal data exposure. In just a few months, people shifted much more of their lives online, and their data inevitably followed. Pre-pandemic, the shift to digital was, of course, already a trend, but it would have taken years to get to the levels we are at now.
Massive amounts of personal data online gave rise to unique privacy risks involving social engineering, phishing and fraud schemes, and even real-life attacks. As of December 2, 2021, in the U.S. alone, the Federal Trade Commission (FTC) reported it had received almost 280,000 COVID-19-related fraud reports, with individual losses estimated at $623.5 million. Behind these numbers are the stories of everyday people who lost their money or reputation in COVID-19 schemes, got their identity stolen, and were attacked offline. That’s why we can’t stress enough how important your personal information protection is. Privacy is safety - yours and that of your family.
It seems like your work mainly involves people-search sites. What are they, and how can one’s information end up on these websites?
People-search sites, also known as data brokers, pull peoples’ private information from public records databases and other sources, and make a business out of selling it.
And it’s true, our only focus is on people-search sites because of their impact on personal privacy. Both in terms of the number of people (data brokers have details of almost every American) and the amount of information these websites collect. Plus, they are popular destinations that provide easy access to individuals with all kinds of intentions, as long as they’re willing to pay a few dollars for a background report.
Once these individuals get a hold of that background report, they learn tons of personal details on their search subjects, such as a home address, mobile phone number, income range, political preferences, how many children they have, and much more. People-search sites scrape this data from various, sometimes not-so-obvious sources. Say, you buy a house or apply for a loan. You fill out a simple online form without thinking too much about how the data you’ve shared will be used. Chances are it will find its way to global databases and eventually end up on people-search sites. Let's not forget about social media, online dating websites, job search engines, and other platforms where people voluntarily leave their details. Also, in the U.S., there is a huge number of public phone directories with business or personal contact information. People-search sites work hard to surface, aggregate, and package your personal data into a report they will then offer for sale.
Additionally, is it possible to remove personal information from data broker sites yourself?
It is. The law obligates these sites to allow opt-out if a person chooses to do so. However, it’s no easy task. Each site has its own opt-out process, often quite tricky and lengthy. For this reason, OneRep has even created free removal guides for most people-search sites to help you through the opt-out process. We update our guides frequently, as people-search sites change opt-out protocols often, and, as we already mentioned, new people-search sites pop up all the time. Even though our do-it-yourself guides are the most comprehensive ones available, the DIY approach is not easy; you need lots of free time, patience, and determination to get it done. More often, when people see what's involved, they simply give up or seek help from services such as OneRep.
How do threat actors use the information on people-search sites for malicious purposes? What are some of the worst cases you have run into?
A serious threat and a fast-growing crime is identity theft. The FTC estimates that tens of millions of Americans have their identities stolen each year. Using publicly available personal data and simple social engineering tricks, threat actors get access to online identities and start using them as they like—from opening credit lines in your name to applying for social benefits and tax reductions. The consequences are harsh. People have to take steps to freeze their credit; they lose their credit history and spend months restoring access to essential accounts.
Our customers also teach us that there is no such thing as a purely online threat, especially when it comes to privacy. No matter the cybercrime–whether it’s identity theft, phishing, harassment, or any other–there is always an impact on the victim’s real life. Take doctors, nurses, and healthcare administrators who are some of our active users. These professions were among the most vulnerable to on- and offline attacks even before COVID-19, which have been exacerbated since the start. Healthcare professionals often become the scapegoat for those who disagree with some measures being taken to thwart the pandemic. Medical workers have had it all—verbal and physical attacks, threats at work, pickets in front of their homes, and harassment on social media. It makes sense that we’ve seen an influx of users from the medical field, as well as social workers, government employees, and law enforcement professionals. They come in as individual users as well as, increasingly, employees of companies who are bringing privacy benefits onboard.
In the age of remote work, what can companies do to ensure cybersecurity as well as privacy protection for their workforce?
Companies can do quite a bit, and of course, every company must protect user and employee data because these people trusted you with their information in the first place. I think it’s very important to take steps to protect your employees' personal information in the digital era, when such data can be used in cyber attacks against companies, or even to stalk, harass and physically attack employees and their families just because people are doing their job. In addition to the healthcare and public service sectors already mentioned, it’s really anyone who has a job dealing with the public. From executives and influencers to customer support and sales teams. People no longer feel safe with just anyone being able to find their address or phone number on the Internet.
What do you think is going to be the next major threat to privacy protection? What safety measures should be implemented before it is too late?
It’s tough to make predictions. I can only make an educated guess based on emerging trends. From what I see, both tech companies and governments keep accumulating personal data, and the volume of personal information available online about private citizens nearly doubles every year.
For individuals, I can advise you to be more careful and adopt a privacy-first approach to everything you do, be it a digital purchase or account sign-up. Ask yourself, what this app or company can do with your data when they get it. Do you trust them enough to share it with them? Also, do not forget to read privacy policies. They will tell you precisely what the company plans to do with your data.
For companies, I would say, take a good look at the benefits you offer. Do they include privacy protection for your employees as individuals, who we know can impact the company as a whole? Also, review your data management practices, in general, to make sure your people and your intellectual property stay safe.
And finally, what’s next for OneRep?
We remain focused on removing personal data from data broker websites. With years of learning already behind us, being first to the landscape with full automation, and having a singular specialty, we are in a great spot to keep building and innovating. In addition to our growing individual user base, we’re increasingly partnertering with more companies—public and private—that are offering our services as an employee benefit. Every day brings new challenges, and we are working on expanding the functionality of our platform in order to turn it into a universal tool for protecting personal data online for people and companies.